
====================================================================

                               CERT-Renater

                   Note d'Information No. 2016/VULN083
_____________________________________________________________________

DATE                : 26/02/2016

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running IBM Security QRadar SIEM
              versions 7.1, 7.2 prior to 7.1 MR2 Patch 12 Interim Fix 2,
                  IBM QRadar/QRM/QVM/QRIF versions prior to 7.2.6 Patch
                     2 Interim Fix 1.

======================================================================
http://www.ibm.com/support/docview.wss?uid=swg21977665
http://www-01.ibm.com/support/docview.wss?uid=swg21977664
_____________________________________________________________________

Security Bulletin: GNU C library (glibc) vulnerability affects IBM
QRadar SIEM and Incident Forensics (CVE-2015-7547)

Security Bulletin

Document information

More support for:

IBM Security QRadar SIEM

Software version:

7.1, 7.2

Operating system(s):

Linux

Software edition:

All Editions

Reference #:

1977665

Modified date:

2016-02-25

Summary

A GNU C library (glibc) stack-based buffer overflow in getaddrinfo()
vulnerability affects IBM QRadar SIEM and Incident Forensics.

Vulnerability Details

CVEID:

CVE-2015-7547

DESCRIPTION:

GNU C Library (glibc) is vulnerable to a stack-based buffer overflow,
caused by improper bounds checking by the nss_dns backend for the
getaddrinfo() function when performing dual A/AAAA DNS queries. By
sending a specially crafted DNS response, a remote attacker could
overflow a buffer and execute arbitrary code on the system or cause the
application to crash.

CVSS Base Score: 8.1

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/110662

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

Affected Products and Versions

   IBM QRadar SIEM 7.1.n

   IBM QRadar/QRM/QVM/QRIF 7.2.n

Remediation/Fixes

IBM QRadar SIEM 7.1 MR2 Patch 12 Interim Fix 2
IBM QRadar/QRM/QVM/QRIF 7.2.6 Patch 2 Interim Fix 1

Workarounds and Mitigations

None

Get Notified about Future Security Bulletins

Subscribe to

My Notifications

to be notified of important product support alerts like this.

References

Complete CVSS v3 Guide


On-line Calculator v3

Related information

IBM Secure Engineering Web Portal

IBM Product Security Incident Response Blog

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the
links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open
standard designed to convey vulnerability severity and help to
determine urgency and priority of response." IBM PROVIDES THE CVSS
SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT
OF ANY ACTUAL OR POTENTIAL SECURITY VULNERABILITY.

_____________________________________________________________________

Security Bulletin: Vulnerability in IBM Java SDK affects IBM QRadar
SIEM and Incident Forensics. (CVE-2015-7575)

Security Bulletin

Document information

More support for:

IBM Security QRadar SIEM

Software version:

7.1, 7.2

Operating system(s):

Linux

Software edition:

All Editions

Reference #:

1977664

Modified date:

2016-02-25


Summary

There is a vulnerability in IBM SDK Java Technology Edition, Version 6
and 7 that is used by IBM QRadar SIEM and Incident Forensics. This
vulnerability, commonly referred to as SLOTH, was disclosed as part of
the IBM Java SDK updates in January 2016.


Vulnerability Details

CVEID:

CVE-2015-7575


DESCRIPTION:

The TLS protocol could allow weaker than expected security caused by a
collision attack when using the MD5 hash function for signing a
ServerKeyExchange message during a TLS handshake. An attacker could
exploit this vulnerability using man-in-the-middle techniques to
impersonate a TLS server and obtain credentials. This vulnerability is
commonly referred to as SLOTH.


CVSS Base Score: 7.1

CVSS Temporal Score: See

https://exchange.xforce.ibmcloud.com/vulnerabilities/109415

for the current score

CVSS Environmental Score*: Undefined

CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/UI:U/C:H/I:L/A:N)


Affected Products and Versions

   IBM QRadar SIEM 7.1.n

   IBM QRadar SIEM/QRM/QVM/QRIF 7.2.n


Remediation/Fixes

IBM QRadar SIEM 7.1 MR2 Patch 12 Interim Fix 2

IBM QRadar/QRM/QVM/QRIF 7.2.6 Patch 2 Interim Fix 1


Workarounds and Mitigations

None

Get Notified about Future Security Bulletins Subscribe to My
Notifications to be notified of important product support alerts like
this.


References

Complete CVSS v3 Guide


On-line Calculator v3

Related information

IBM Secure Engineering Web Portal


IBM Product Security Incident Response Blog

Acknowledgement

CVE-2015-7575 was reported to IBM by Karthikeyan Bhargavan at INRIA in
Paris, France

*The CVSS Environment Score is customer environment specific and will
ultimately impact the Overall CVSS Score. Customers can evaluate the
impact of this vulnerability in their environments by accessing the
links in the Reference section of this Security Bulletin.

Disclaimer

According to the Forum of Incident Response and Security Teams (FIRST),
the Common Vulnerability Scoring System (CVSS) is an "industry open
standard designed to convey vulnerability severity and help to
determine urgency and priority of response." IBM PROVIDES THE CVSS
SCORES "AS IS" WITHOUT WARRANTY OF ANY KIND, INCLUDING THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
CUSTOMERS ARE RESPONSIBLE FOR ASSESSING THE IMPACT OF ANY ACTUAL OR
POTENTIAL SECURITY VULNERABILITY.

==========================================================
Serveur de référence du CERT-Renater
https://services.renater.fr/ssi/
==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================